Showing posts with label security patch. Show all posts
Showing posts with label security patch. Show all posts

Wednesday, July 19, 2017

Take Control of Your Offered WiFi Experience with MyWiFi Networks

Nowadays, free WiFi at your establishment or event is expected by customers and attendees. How you manage that WiFi experience can mean the difference between a positive or negative encounter for your connected customers or attendees.
MyWiFi Networks enables you to take control of your end user’s WiFi experience through white-label branding, real-time analytics, social authentication, and custom splash pages. Whether you’re looking to promote your coffee shop via social authentication for the WiFi, standardize the WiFi branding at your various retail locations, or provide a professional WiFi experience for your next event, MyWiFi Networks has you covered.
Through integrating with Zapier, you can now connect MyWiFi Networks to over 750+ apps. You’ll be able to capture accounts connected to your social WiFi network as leads in your CRM, automatically add info to shared spreadsheets and marketing campaign tools to easily track users, and stay in touch after a visitor connects to your WiFi. Plus, Zapier is embedded into their intuitive automation feature so you can set up Zaps in seconds.
Once you create a Zap, it'll be saved as a template so you can easily apply the same settings for any of the available MyWiFi Networks Triggers. Manage your WiFi offering and improve the user experience with Zapier + MyWiFi Networks.

How MyWiFi Networks Works with Zapier

Triggers

  • New Social Wi-Fi Device User: Triggers when a new social Wi-Fi user connects to a device.
  • New Social Wi-Fi Campaign User: Triggers when a new social Wi-Fi user connects to a campaign.
  • New Social Wi-Fi Location User: Triggers when a new social Wi-Fi user connects to a location.

Automation Inspiration

Get started with these sample Zaps:

Capture Connected Users as Leads in Your CRM

Add new social Wi-Fi users as Salesforce leads
Create or Update HubSpot contacts for new social Wi-Fi users
Add new social Wi-Fi users to an AdRoll CRM Retargeting Segment

Stay In Touch with Accounts After They’ve Disconnected

Create or update new social Wi-Fi users as Drip subscribers
Create Google Contacts for new social Wi-Fi users
Add new social Wi-Fi users to Facebook Offline Conversions events

How To Automate MyWiFi Networks With Zapier

  1. Sign up for a MyWiFi Networks account, and make sure you have a Zapier account
  2. Try some pre-made MyWiFi Networks integrations and learn more about how MyWiFi Networks works with Zapier
  3. Check out our MyWiFi Networks help documentation for details on connecting your account and setting up your first Zap
  4. Or login and build a custom workflow with MyWiFi Networks and Zapier

Friday, July 7, 2017

Update your Android now – many holes fixed including ‘BroadPwn’ Wi-Fi bug


Google’s July 2017 security fixes for Android are out.
As far as we can see, there are 138 bugs listed, each with its own CVE number, of which 18 are listed with the tag “RCE”.
RCE stands for Remote Code Execution, and denotes the sort of vulnerability that could be abused by a crook to run some sort of program sent in from outside – without any user interaction.
Generally speaking, RCE bugs give outsiders a sneaky chance to trigger the sort of insecure behaviour that would usually either pop up an obvious “Are you sure?” warning, or be blocked outright by the operating system.
In other words, RCEs can typically be used for so-called “drive-by” attacks, where just visiting a web page or looking at an email might leave you silently infected with malware.
The majority of the July 2017 RCE bugs in Android appear under the heading “Media framework”, which means they are Android flaws that are exposed when files such as images or videos are processed for display.
Like the infamous Stagefright bug in Android back in 2015, bugs of this sort can potentially be triggered by actions that don’t arouse suspicion, because images and videos can unexceptionably be embedded in innocent-looking content such as MMS messages and web pages.
There’s also an RCE bug in Android’s built-in FTP client – this one affects all Android versions still getting patches, from 4.4.4 all the way to 7.1.2.
We’re not sure how easy it is to trigger this bug, but we’re assuming it’s tricky to exploit because Google gives it only a moderate rating.
(Mild risk ratings are unusual for RCEs – they usually attract a high or critical rating because there’s a lot at stake if an RCE vulnerability does get exploited.)

“Proximate attacker” warning

The most intriguing bug this month, however, is an RCE flaw in the Broadcom Wi-Fi code that’s used by Android devices equipped with certain Broadcom wireless chips.
According to Google, “a proximate attacker [could] execute arbitrary code within the context of the kernel”.
In plain English, that means a crook who’s within Wi-Fi range could fire off booby-trapped network packets at your Wi-Fi hardware, trigger a bug in the wireless device…
…and end up with the same programmatic powers as the Android operating system on your device.
Given that the Android kernel is responsible for keeping your apps apart, for example by preventing the new fitness app you just installed from sneaking a look at your browsing history, a security compromise inside the kernel itself is about as serious as it gets.
Unfortunately, we can’t yet give you any real detail about the Broadcom RCE patch.
The researcher who found the bug will be presenting his findings at the end of July 2017 at the Black Hat 2017 conference in Las Vegas.
Until then, all we really have are teasers for his forthcoming talk, and a the funky-sounding name BroadPwn for the vulnerability.
(Understandably, no one who’s about to unveil a cool exploit at Black Hat wants to risk giving away a TL;DR version before the talk takes place – that would be like leaking the names of the Oscar winners a week before the awards ceremony.)
Interestingly, back in April 2017, a number of security issues in Broadcom wireless firmware were found to affect both iOS and Android devices – so if you’re an iPhone user, don’t be surprised if this month’s Google patches are quickly followed by a security patch from Apple, too.

What to do?

As usual, we’re going to repeat our usual mantra: “Patch early, patch often.”
What we can’t tell you is when the vendors of devices other than Google’s own Nexus and Pixel phones will be ready with their patches – if you’re worried, ask your vendor or the carrier who supplied your device.
Also, we can’t give you a handy list of the thousands of different Android devices out there that not only include Broadcom wireless cards but also have firmware that’s affected by the BroadPwn bug.
Once again, if you are worried, ask your supplier or mobile carrier.
Having said that, we can offer you Sophos Mobile Security for Android, 100% free of charge: although it won’t patch the abovementioned security holes for you, it will stop you from browsing to risky websites and from downloading booby-trapped adware and malware apps.
A good Android anti-virus not only makes it harder for crooks to push risky content onto your device but also stops them pulling you towards phishing pages, survey scams and other criminally oriented websites.